Month: February 2024

Enlarge / It's-a me, the long arm of the law. (credit: Aurich Lawson / Nintendo / Getty Images)

When 54-year-old Gary Bowser pleaded guilty to his role in helping Team Xecuter with their piracy-enabling line of console accessories, he realized he would likely never pay back the $14.5 million he owed Nintendo in civil and criminal penalties. In a new interview with The Guardian, though, Bowser says he began making $25 monthly payments toward those massive fines even while serving a related prison sentence.

Last year, Bowser was released after serving 14 months of that 40-month sentence (in addition to 16 months of pre-trial detention), which was spread across several different prisons. During part of that stay, Bowser tells The Guardian, he was paid $1 an hour for four-hour shifts counseling other prisoners on suicide watch.

From that money, Bowser says he “was paying Nintendo $25 a month” while behind bars. That lines up roughly with a discussion Bowser had with the Nick Moses podcast last year, where he said he had already paid $175 to Nintendo during his detention.

Enlarge (credit: Getty Images)

Federal civilian agencies have until midnight Saturday morning to sever all network connections to Ivanti VPN software, which is currently under mass exploitation by multiple threat groups. The US Cybersecurity and Infrastructure Security Agency mandated the move on Wednesday after disclosing three critical vulnerabilities in recent weeks.

Three weeks ago, Ivanti disclosed two critical vulnerabilities that it said threat actors were already actively exploiting. The attacks, the company said, targeted “a limited number of customers” using the company’s Connect Secure and Policy Secure VPN products. Security firm Volexity said on the same day that the vulnerabilities had been under exploitation since early December. Ivanti didn’t have a patch available and instead advised customers to follow several steps to protect themselves against attacks. Among the steps was running an integrity checker the company released to detect any compromises.

Almost two weeks later, researchers said the zero-days were under mass exploitation in attacks that were backdooring customer networks around the globe. A day later, Ivanti failed to make good on an earlier pledge to begin rolling out a proper patch by January 24. The company didn’t start the process until Wednesday, two weeks after the deadline it set for itself.

Enlarge / Booking photo of Alan Filion, charged with multiple felonies connected to a "swatting" incident at the Masjid Al Hayy Mosque in Sanford, Florida. (credit: Seminole County Sheriff's Office)

Police suspect that a 17-year-old from California, Alan Filion, may be responsible for "hundreds of swatting incidents and bomb threats" targeting the Pentagon, schools, mosques, FBI offices, and military bases nationwide, CNN reported.

Swatting occurs when fraudulent calls to police trigger emergency response teams to react forcefully to non-existent threats.

Recently extradited to Florida, Filion was charged with multiple felonies after the Seminole County Sheriff’s Office (SCSO) traced a call where Filion allegedly claimed to be a mass shooter entering the Masjid Al Hayy Mosque in Sanford, Florida. The caller played "audio of gunfire in the background," SCSO said, while referencing Satanism and claiming he had a handgun and explosive devices.

Enlarge (credit: Getty Images | Thamrongpat Theerathammakorn)

The Federal Communications Commission plans to vote on making the use of AI-generated voices in robocalls illegal. The FCC said that AI-generated voices in robocalls have "escalated during the last few years" and have "the potential to confuse consumers with misinformation by imitating the voices of celebrities, political candidates, and close family members."

FCC Chairwoman Jessica Rosenworcel's proposed Declaratory Ruling would rule that "calls made with AI-generated voices are 'artificial' voices under the Telephone Consumer Protection Act (TCPA), which would make voice cloning technology used in common robocalls scams targeting consumers illegal," the commission announced yesterday. Commissioners reportedly will vote on the proposal in the coming weeks.

A recent anti-voting robocall used an artificially generated version of President Joe Biden's voice. The calls told Democrats not to vote in the New Hampshire Presidential Primary election.

Enlarge (credit: Getty Images)

Google has another fix for the second major storage bug Pixel phones have seen in the last four months. Last week reports surfaced that some Pixel owners were being locked out of their phone's local storage, creating a nearly useless phone with all sorts of issues. Many blamed the January 2024 Google Play system update for the issue, and yesterday Google confirmed that hypothesis. Google posted an official solution to the issue on the Pixel Community Forums, but there's no user-friendly solution here. Google's automatic update system broke people's devices, but the fix is completely manual, requiring users to download the developer tools, install drivers, change settings, plug in their phones, and delete certain files via a command-line interface.

The good news is that, if you've left your phone sitting around in a nearly useless state for the last week or two, following the directions means you won't actually lose any data. Having a week or two of downtime is not acceptable to a lot of people, though, and several users replied to the thread saying they already wiped their device to get their phone working again and had to deal with the resulting data loss (despite many attempts and promises, Android does not have a comprehensive backup system that works).

The bad news is that I don't think many normal users will be able to follow Google's directions. First, you'll need to perform the secret action to enable Android's Developer Options (you tap on the build number seven times). Then you have to download Google's "SDK Platform-Tools" zip file, which is meant for app developers. After that, plug in your phone, switch to the correct "File transfer" connection mode, open a terminal, navigate to the platform-tools folder, and run both “./adb uninstall com.google.android.media.swcodec” and “./adb uninstall com.google.android.media." Then reboot the phone and hope that worked.

Enlarge / Selena Gomez and Martin Short on the set of Only Murders in the Building on February 14, 2022, in New York City.

Hulu and Disney+ subscribers have until March 14 to stop sharing their login information with people outside of their household. Disney-owned streaming services are the next to adopt the password-crackdown strategy that has helped Netflix add millions of subscribers.

An email sent from "The Hulu Team" to subscribers yesterday and viewed by Ars Technica tells customers that Hulu is "adding limitations on sharing your account outside of your household."

Hulu's subscriber agreement, updated on January 25, now states that users "may not share your subscription outside of your household," with household being defined as the "collection of devices associated with your primary personal residence that are used by the individuals who reside therein."